Step 2: Create an IAM role and attach your IAM policy

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

In the navigation pane, choose Roles.

Choose Create role.

For Trusted entity type, select AWS service.

For Service or use case, select RDS, and then select RDS – Add Role to Database.

Choose Next.

For Permissions policies, search for and select the name of the IAM policy that you created.

Choose Next.

For Role name, enter a role name.

(Optional) For Description, enter a description for the new role.

Choose Create role.

Run the create-role command. In the following example, replace iam_role_name with a name for your IAM role.

For Linux, macOS, or Unix:

aws iam create-role \
    --role-name iam_role_name \
    --assume-role-policy-document '{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "rds.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }'

For Windows:

aws iam create-role ^
    --role-name iam_role_name ^
    --assume-role-policy-document '{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "rds.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }'

After the role is created, note the ARN of the role. You need the ARN for Step 3: Add your IAM role to your RDS for Db2 DB instance.

Run the attach-role-policy command. In the following example, replace iam_policy_arn with the ARN of the IAM policy that you created in Step 1: Create an IAM policy. Replace iam_role_name with the name of the IAM role that you just created.

For Linux, macOS, or Unix:

aws iam attach-role-policy \
   --policy-arn iam_policy_arn \
   --role-name iam_role_name

For Windows:

aws iam attach-role-policy ^
   --policy-arn iam_policy_arn ^
   --role-name iam_role_name